Analysis

  • max time kernel
    150s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/08/2024, 03:06

General

  • Target

    dbb7bb6e7de25eceddb2432dca120e4008e4c18f1a98b0e65493de0baa68a220.exe

  • Size

    60KB

  • MD5

    da8dc7bb0b35d75033c47aaa118d5dc5

  • SHA1

    f94e460a50d62a2524ffcac8a47ed0636dd112b2

  • SHA256

    dbb7bb6e7de25eceddb2432dca120e4008e4c18f1a98b0e65493de0baa68a220

  • SHA512

    08462da00a0ff00a74e94ab89833e89c422e0ccb72c13de76b7f424f2d7cc40aacddfad0c944f5b22cc91376bab22a35058786627fe2636e875a510ff3295962

  • SSDEEP

    1536:p7ZhA7dAp1++PJHJXA/OsIZfzc3/Q8UKc:Te76WQSoH

Score
9/10

Malware Config

Signatures

  • Renames multiple (5220) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbb7bb6e7de25eceddb2432dca120e4008e4c18f1a98b0e65493de0baa68a220.exe
    "C:\Users\Admin\AppData\Local\Temp\dbb7bb6e7de25eceddb2432dca120e4008e4c18f1a98b0e65493de0baa68a220.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1224

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.tmp

    Filesize

    61KB

    MD5

    c21cfe30a8287f01f3cdb7cf07967187

    SHA1

    45e73f93c8666277821d2ae9a37fa8984e3941e5

    SHA256

    37268cfa694f58a0d5d8b21bfb30cbe7c5f596746f8e50ccc13753ea13466b8a

    SHA512

    8324d823a498e52218a0fc5c30ad42b5b5b16cb36f37ab650e27ec34e590a9643a4de4d679a04bcdf0a951f9b24afde7d868f7af8563b4975215cdfdee6b7411

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    159KB

    MD5

    25c4a8ea5feb26b8895649d3cef293f4

    SHA1

    e1709ca2c1788b48cff3a7fae8398d339593707e

    SHA256

    66d740c00c1a02a212ea9daab0c1845ebf5e758b1ef20937218d82a3b59b7519

    SHA512

    cca964def2290808fcdd8b26cf2164cc68c51409c9abddaa578beb3ca29610346b04e1a461c5d22f56e9b6859e3295aa22ca46701bd6f23aabf0ab1299d9578a